Starting from the center command and working outward, I'm invoking findstr to look for the string CVE-2008-4250 in all .nsr files. That command will execute in my FOR /F loop because it's in single quotes (' '). I'll have one line of output for each line that contains that string, of the form filename:line. I take those lines of output and iterate over them in my FOR /F loop, with delimeters of : and |. That way, it'll split up my file name (before the colon) and IP address in the NSR file (before the |). I set my iterator variable to the token 2, so that it will take on the IP address from the file. I simply then echo out the contents of that variable.

All in all, a pretty standard use of FOR /F loops to parse the output of a command, in this case, the findstr command. You could sort it alphanumerically (sigh... not numerically) by putting parens around the whole shebang and piping it through sort, if you really want to. There you have it.

Paul Responds:

Ed and I had a discussion about Nessus file formats, and I will spare everyone any confusion and provide the following link:

https://discussions.nessus.org/thread/1124?tstart=0

At one time, .nsr was the way to go, however I recommend that people start looking into the .nessus (XML) format. We'll save that for a future episode :)